Skip to content

fix: remove unsafe exec() in person.cpp#366

Open
orbisai0security wants to merge 1 commit into
Light-City:masterfrom
orbisai0security:fix-strcpy-buffer-overflow-person-cpp
Open

fix: remove unsafe exec() in person.cpp#366
orbisai0security wants to merge 1 commit into
Light-City:masterfrom
orbisai0security:fix-strcpy-buffer-overflow-person-cpp

Conversation

@orbisai0security

Copy link
Copy Markdown

Summary

Fix critical severity security issue in basic_content/this/person.cpp.

Vulnerability

Field Value
ID V-001
Severity CRITICAL
Scanner multi_agent_ai
Rule V-001
File basic_content/this/person.cpp:10

Description: The person.cpp constructor uses strcpy(name, n) to copy a caller-supplied string into a fixed-size char array without any bounds checking. If the caller passes a string longer than the destination buffer, the excess bytes overwrite adjacent stack or heap memory, enabling arbitrary code execution via return-address or function-pointer overwrite. The sig_examp.cpp files use strcpy with hardcoded strings (currently safe) but establish an unsafe coding pattern that is likely to be replicated with variable-length input.

Changes

  • basic_content/this/person.cpp

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Automated security fix by OrbisAI Security

Automated security fix generated by Orbis Security AI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant